tinycm view plugins/cloud/cloud.cgi @ rev 93

Security improvement in cloud and community plugin
author Christophe Lincoln <pankso@slitaz.org>
date Fri Feb 17 13:06:47 2017 +0100 (2017-02-17)
parents 4418f0315c8e
children 5b8fd5ab20b7
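#!/bin/sh
#
# TinyCM Plugin - Upload files to the Cloud
#
# File names and user names arrive in the request and are untrusted: they are
# validated before being used as filesystem paths and HTML-escaped before
# being written to a page or to the activity log (the log is later printed
# verbatim inside an HTML page).
#
. /usr/lib/slitaz/httphelper

cloud="$tiny/$content/cloud"
cloudlog="$tiny/$cache/log/cloud.log"

# A single newline, used to reject multi-line names in safe_name.
NL='
'

# Print $1 with the HTML metacharacters & < > " ' replaced by entities.
html_escape() {
	printf '%s\n' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
		-e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Print $1 if it is a single path component usable inside $cloud, else
# return 1. Rejected: empty names, anything containing '/' (would leave the
# cloud directory), names starting with '.' (covers "." and ".." as well as
# hidden files, which the ls-style listing never showed) and names holding
# a newline (would forge extra lines in the activity log).
safe_name() {
	case "$1" in
		''|.*|*/*|*"$NL"*) return 1 ;;
	esac
	printf '%s\n' "$1"
}

# Redirect to $1 and end the request unless check_auth succeeds.
# The previous form, [ ! check_auth ], only tested the literal string
# "check_auth" (always non-empty), so the check never ran. The explicit exit
# is needed because nothing in this file shows header ending the request.
require_auth() {
	if ! check_auth; then
		header "Location: $1"
		exit 0
	fi
}

case " $(GET) " in
	*\ upcloud\ *)
		# Have a variable in config file for the content/cloud path ?
		# NOTE(review): the upload form posts straight to
		# plugins/cloud/cloud.cgi, and this file only sources httphelper.
		# If check_auth is not defined in that context the guard fails
		# closed and every upload is refused - confirm where it comes from.
		require_auth "$HTTP_REFERER"
		# NOTE(review): the user name is read from the query string, so the
		# attribution written to the log can be chosen by the requester.
		user="$(GET user)"
		cloud="../../content/cloud"
		cloudlog="../../cache/log/cloud.log"
		# Keep only the last path component of the client-supplied name,
		# then validate it; stop when no usable file was submitted.
		name="$(FILE datafile name)"
		name="${name##*/}"
		tmpname="$(FILE datafile tmpname)"
		if ! name="$(safe_name "$name")" || [ -z "$tmpname" ]; then
			header "Location: $HTTP_REFERER"
			exit 0
		fi
		# Sanity check
		[ -d "$cloud" ] || mkdir -p "$cloud"
		[ -f "$cloudlog" ] || touch "$cloudlog"
		# Move/Overwrite files to the cloud and set permissions
		# NOTE(review): any file type is accepted into a directory that is
		# linked as "Raw files"; the web server should not execute or
		# interpret content served from there - verify its configuration.
		if ! mv -f "$tmpname" "$cloud/$name"; then
			echo "ERROR: $(html_escape "$name")" && exit 1
		fi
		chmod a+r "$cloud/$name"
		# Log activity (escaped: the log is rendered as HTML by ?cloudlog)
		ename="$(html_escape "$name")"
		euser="$(html_escape "$user")"
		cat >> "$cloudlog" << EOT
$(date '+%Y-%m-%d %H:%M') : <a href="content/cloud/${ename}">${ename}</a> \
$(gettext "uploaded by:") <a href="index.cgi?user=$euser">$euser</a>
EOT
		# Back to the cloud
		header "Location: $HTTP_REFERER" ;;

	*\ rmcloud\ *)
		# Deleting files requires a logged-in visitor, like uploading.
		# NOTE(review): removal is triggered by a plain GET link with no
		# anti-forgery token; consider a POST form with a per-session token.
		require_auth "$HTTP_REFERER"
		user="$(GET user)"
		# Only a validated single-component name may reach rm, so a value
		# such as ../../config.cgi cannot escape the cloud directory.
		if name="$(safe_name "$(GET name)")"; then
			rm -f "$cloud/$name"
			# Log activity
			ename="$(html_escape "$name")"
			euser="$(html_escape "$user")"
			cat >> "$cloudlog" << EOT
$(date '+%Y-%m-%d %H:%M') : $ename $(gettext "removed by:") \
<a href="index.cgi?user=$euser">$euser</a>
EOT
		fi
		# Back to the cloud
		header "Location: $HTTP_REFERER" ;;

	*\ cloudlog\ *)
		# Display Cloud activity
		d="Cloud activity"
		require_auth "$script"
		# Clean-up logfile; stop after the redirect so no page body follows
		if [ "$(GET clean)" ] && admin_user; then
			rm -f "$cloudlog" && touch "$cloudlog"
			header "Location: $HTTP_REFERER"
			exit 0
		fi
		header
		html_header
		user_box
		cat << EOT
<div id="tools">
	<a href="$script?dashboard">Dashboard</a>
	<a href="$script?cloud">Cloud files</a>
	<a href="$script?cloudlog&amp;full">$(gettext "More activity")</a>
EOT
		if admin_user; then
			cat << EOT
	<a href="$script?cloudlog&amp;clean">$(gettext "Clean logfile")</a>
EOT
		fi
		echo "</div>"
		echo "<h2>$(gettext "Cloud activity")</h2>"
		echo '<pre>'
		# Entries are printed as stored: they carry their own links and are
		# escaped when they are appended to the log.
		if [ "$(GET full)" ]; then
			tac "$cloudlog"
		else
			tac "$cloudlog" | head -n 20
		fi
		echo '</pre>'
		html_footer && exit 0 ;;

	*\ cloud\ *)
		# The dashboard
		d="Cloud files"
		files=$(ls -1 "$cloud" | wc -l)
		size=$(du -sh "$cloud" | awk '{print $1}')
		header
		html_header
		user_box
		# Security check
		if ! check_auth; then
			gettext "You must be logged in to use the Cloud."
			exit 1
		fi
		[ -f "$cloudlog" ] || mkdir -p "$(dirname "$cloudlog")"
		euser="$(html_escape "$user")"
		cat << EOT
<div id="tools">
	<a href="$script?dashboard">Dashboard</a>
	<a href="$script?cloudlog">Cloud activity</a>
	<a href="$content/cloud">Raw files</a>
</div>

<h2>Cloud files</h2>

<p>
$(gettext "Upload files on the cloud to share them with some other people
or use them in your documents content. Tip: Drag and Drop files from your
desktop.")
</p>
<div id="cloud-upload">
	<form method="post" action="plugins/cloud/cloud.cgi?upcloud&amp;user=$euser"
		enctype="multipart/form-data">
		<input type="file" name="datafile" size="50" />
		<input type="submit" value="Upload" />
	</form>
</div>
<p>
<b>Files:</b> $files | <b>Size:</b> $size
</p>
EOT
		echo '<pre>'
		# List all Cloud files. A glob keeps names with spaces intact, and
		# each name is escaped because it was chosen by whoever uploaded it.
		for path in "$cloud"/*
		do
			[ -e "$path" ] || continue
			f="${path##*/}"
			case $f in
				*.png|*.jpg|*.gif) image="images/image.png" ;;
				*) image="images/empty.png" ;;
			esac
			ef="$(html_escape "$f")"
			cat << EOT
<a href="$content/cloud/${ef}" title="${WEB_URL}$content/cloud/${ef}">\
<img src="$image" />${ef}</a> : \
<a href="$script?rmcloud&amp;name=${ef}&amp;user=$euser">$(gettext "Remove")</a>
EOT
		done
		echo '</pre>'
		html_footer
		exit 0
esac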